The FBI has confirmed that the cybercriminal group Scattered Spider is expanding its targeting to include the airline sector in a series of ransomware attacks. The group, known for its sophisticated social engineering tactics, has been linked to multiple retail and finance sector attacks.
According to an analysis by the Reliaquest Threat Research Team, 81% of Scattered Spider domains impersonate technology vendors or system administrators, making them a threat to organizations with high-value credentials.
The FBI warns that Scattered Spider uses social engineering techniques to deceive IT help desks into granting access. The group bypasses multi-factor authentication and exploits trust-based systems like help desks.
In addition to the airline sector, insurance companies are also being targeted by Scattered Spider. Experts advise businesses in all sectors to remain vigilant, as the group’s tactics can often appear isolated but ultimately lead to lateral movement and credential harvesting.
The FBI is actively working with aviation and industry partners to address this activity and assist victims. Organizations that think they may have been targeted should contact their local FBI office.
Source: https://www.forbes.com/sites/daveywinder/2025/06/30/fbi-warning-issued-as-2fa-bypass-attacks-surge—act-now